Superconductor

Aberdeen released a new survey report that details how companies are attempting to become PCI compliant. You can download a copy of it here.

This report provides insights into the year-over-year progress that Best-in-Class organizations have been made in achieving, and sustaining, compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Public disclosures of security breaches involving consumer cardholder data continue to be a threat to consumer confidence in payment cards, and a growing source of financial risk for the payment card industry. The payment card industry has made steady progress in establishing a common set of security standards, evangelizing best practices, and encouraging adoption. Aberdeen's research shows that Best-in-Class organizations have indeed achieved superior protection of cardholder data through compliance with PCI DSS, and even Laggards have made encouraging gains in the last year.

The most interesting thing about the report is the comparisons of companies who have thought through a pro-active compliance program, established goals, evaluated technology solutions and started to implement them; and those that are still researching their options (laggards).

Five Compelling Facts from the Research:

1. On average Best-in-Class companies are achieving 22% better performance at addressing the 12 high-level PCI DSS security requirements, compared to other respondents.
2. Best-in-Class companies took 29% less time to achieve PCI compliance than all other respondents.
3. Best-in-Class companies spent 9% less to achieve PCI compliance than all other respondents.
4. Best-in-Class companies are spending 56% less to sustain PCI compliance than all other respondents.
5. Between 40-50% of Best-in-Class companies have reduced the number of failed audits and the number of data security incidents over the last 12 months.